doc: update description of -u option and user directive

chrony.texi.in

@@ -976,15 +976,13 @@ no RTC or the RTC is broken (e.g. it has no battery).
 @item -u <user>
 This option sets the name of the system user to which @code{chronyd} will
 switch after start in order to drop root privileges.  It overrides the
-@code{user} directive (default @code{@DEFAULT_USER@}).  It may be set to a
+@code{user} directive (default @code{@DEFAULT_USER@}).
-non-root user only when @code{chronyd} is compiled with support for Linux
-capabilities (libcap), on NetBSD with the @code{/dev/clockctl} device or on
-Mac OS X.
 
-In the Mac OS X implementation @code{chronyd} forks into two processes.  The
+On Linux, @code{chronyd} needs to be compiled with support for the
-child process retains root privileges but can only perform a very limited range
+@code{libcap} library.  On Mac OS X, FreeBSD, NetBSD and Solaris @code{chronyd}
-of privileged system calls on behalf of the parent.  The parent process drops
+forks into two processes.  The child process retains root privileges, but can
-root privileges to run as the specified system user.
+only perform a very limited range of privileged system calls on behalf of the
+parent.
 @item -F <level>
 This option configures a system call filter when @code{chronyd} is compiled with
 support for the Linux secure computing (seccomp) facility. In level 1 the
@@ -3181,16 +3179,15 @@ Valid measurements with corresponding compensations are logged to the
 @subsection user
 The @code{user} directive sets the name of the system user to which
 @code{chronyd} will switch after start in order to drop root privileges.
-It may be set to a non-root user only when @code{chronyd} is compiled with
-support for Linux capabilities (libcap), on NetBSD with the
-@code{/dev/clockctl} device or on Mac OS X.
 
-In the Mac OS X implementation @code{chronyd} forks into two processes.  The
+On Linux, @code{chronyd} needs to be compiled with support for the
-child process retains root privileges but can only perform a very limited range
+@code{libcap} library.  On Mac OS X, FreeBSD, NetBSD and Solaris @code{chronyd}
-of privileged system calls on behalf of the parent.  The parent process drops
+forks into two processes.  The child process retains root privileges, but can
-root privileges to run as the specified system user.
+only perform a very limited range of privileged system calls on behalf of the
+parent.
 
-The default value is @code{@DEFAULT_USER@}.
+The default value is @code{@DEFAULT_USER@}.  The configure script has a
+@code{--with-user} option, which sets the default value.
 @c }}}
 @c }}}
 @c {{{ S:Running chronyc

chronyd.8.in

@@ -101,14 +101,12 @@ RTC or the RTC is broken (e.g. it has no battery).
 \fB\-u\fR \fIuser\fR
 This option sets the name of the system user to which \fBchronyd\fR will switch
 after start in order to drop root privileges.  It overrides the \fBuser\fR
-directive (default \fB@DEFAULT_USER@\fR).  It may be set to a non-root user
+directive from the configuration file (default \fB@DEFAULT_USER@\fR).
-only when \fBchronyd\fR is compiled with support for Linux capabilities
-(libcap), on NetBSD with the \fB/dev/clockctl\fR device or on Mac OS X.
 
-In the Mac OS X implementation \fBchronyd\fR forks into two processes.  The
+On Linux, \fBchronyd\fR needs to be compiled with support for the \fBlibcap\fR
-child process retains root privileges but can only perform a very limited range
+library.  On Mac OS X, FreeBSD, NetBSD and Solaris \fBchronyd\fR forks into two
-of privileged system calls on behalf of the parent.  The parent process drops
+processes.  The child process retains root privileges, but can only perform a
-root privileges to run as the specified system user.
+very limited range of privileged system calls on behalf of the parent.
 .TP
 \fB\-F\fR \fIlevel\fR
 This option configures a system call filter when \fBchronyd\fR is compiled with

doc/faq.adoc

@@ -128,11 +128,13 @@ under the root or chrony user (which can access +chronyd+ through a Unix domain
 socket since version 2.2), you can disable the internet command sockets
 completely by adding +cmdport 0+ to the configuration file.
 
-On Linux, if +chronyd+ is compiled with support for Linux capabilities
+You can specify an unprivileged user with the +-u+ option, or the +user+
-(available in the libcap library), or on NetBSD with the +/dev/clockctl+
+directive in the 'chrony.conf' file, to which +chronyd+ will switch after start
-device, you can specify an unprivileged user with the +-u+ option or +user+
+in order to drop root privileges.  The configure script has a +--with-user+
-directive in the 'chrony.conf' file to drop root privileges after start.  The
+option, which sets the default user.  On Linux, +chronyd+ needs to be compiled
-configure option +--with-user+ can be used to drop the privileges by default.
+with support for the +libcap+ library.  On other systems, +chronyd+ forks into
+two processes.  The child process retains root privileges, but can only perform
+a very limited range of privileged system calls on behalf of the parent.
 
 Also, if +chronyd+ is compiled with support for the Linux secure computing
 (seccomp) facility, you can enable a system call filter with the +-F+ option.